[NTLUG:Discuss] Internet Connection Sharing presentation

terry trryhend at gmail.com
Sun Jul 16 12:43:46 CDT 2017


See notes and comments online at:
http://fwlug.org/index.php?option=com_content&view=category&layout=blog&id=7&Itemid=17
If you have any questions, fire away, I'll do the best I can.... Here is
a stab at one...

I was asked the question, “Why would I be interested in letting a PC do
router functions?” to which I did not give an adequate response. The short
answer is that not everyone will be interested and possibly most will leave
all such things to a router and that router might just have all the options
we need, but there is always the chance that some of us will find a router
lacking in some areas and may want to transfer some, if not all, router
functions to a PC. Whether it’s a small low-power machine such as a
Raspberry Pi, or an old laptop, or maybe even the desktop PC we use for
normal day to day tasks, everyone’s wants / needs vary to one degree or
another.

There are router / firewall distributions that make all this a bit easier
such as IPCop, Smoothwall, SME Service, pfSense, IPFire, Endian [just to
name a few]. There will always be some of us that prefer the learning
experience of a roll-your-own approach. I suppose the main reason someone
would want to do this is simply, “Because I can!” But there are a few
features we may not find fully supported in many off-the-shelf routers,
such as policy-based routing, load balancing, traffic shaping / quality of
service, multiple uplinks, uplink failover, demilitarized zone, intrusion
detection / intrusion prevention, web, FTP and e-mail antivirus, antispam,
and content filtering. It boils down to the rather attractive notion of
having a full featured Router / Firewall that goes beyond what most routers
will do. Now we may not need all the features I listed above but just one
or two may be all it takes to spark this type of venture (and the above
list is not totally complete either; I’m sure I left some out).
Just to be able to say, “I built my own”, may be all it takes.

The main interest is the Firewall aspect and not just any old firewall but
one that is fully customizable. Building a NAT Firewall puts lots of
advanced routing features at our disposal.

Let’s say we want to redirect port 25 mail server traffic to a mail server
of our choosing and you want to block everyone except traffic from your own
mail server from sending traffic out. Maybe you want to block outside
access for a particular IP, maybe even incoming and outgoing traffic, for
security purposes so that it’s only able to communicate within your LAN.
Maybe you want to block an outside IP, or a range of outside IPs. Maybe
you want to block ping requests to one PC or another or to block incoming
ping requests to all. Maybe you want to redirect a certain port to a
non-standard one to some server you may have. Experimenting and learning
iptables and network address translation can be interesting.

Building your own router may just be an experiment or sort of a hobby,
[just for fun], but it may turn out to be useful in one way or another – in
other words, it may turn out to have some practical aspects.
I welcome any other questions or comments you may have....
-- 
In God we trust.
<><
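
Added example, not part of the original message: several of the scenarios in the post (SMTP redirect, only the mail server sending mail out, a LAN-only host, a blocked outside range, no incoming ping) written as one iptables-restore ruleset. The interface names, addresses and the gen_rules/ruleset helper names are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not apply anything.
# Every interface name and address passed in below is a constructed placeholder.
gen_rules() {
    wan=$1; lan=$2; mail=$3; isolated=$4; blocked=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# SMTP from LAN clients (not the mail server itself) is redirected to our server
-A PREROUTING -i $lan -p tcp --dport 25 ! -s $mail -j DNAT --to-destination $mail:25
# Hairpin NAT so replies return through this box (server sees the router as source)
-A POSTROUTING -o $lan -d $mail -p tcp --dport 25 -j MASQUERADE
# Connection sharing: hide the LAN behind the uplink address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Incoming ping from the uplink: explicit, so it survives a later policy change
-A INPUT -i $wan -p icmp --icmp-type echo-request -j DROP
-A INPUT -i $lan -j ACCEPT
# Blocked outside range, both directions; first match wins, so before any ACCEPT
-A FORWARD -s $blocked -j DROP
-A FORWARD -d $blocked -j DROP
# LAN-only host: never forwarded to or from the uplink
-A FORWARD -s $isolated -o $wan -j DROP
-A FORWARD -d $isolated -i $wan -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the mail server may send SMTP out to the uplink
-A FORWARD -o $wan -p tcp --dport 25 ! -s $mail -j REJECT --reject-with icmp-admin-prohibited
# Redirected SMTP back into the LAN, then everything else from LAN to uplink
-A FORWARD -i $lan -o $lan -d $mail -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (RFC 1918 and RFC 5737 documentation addresses)
ruleset() { gen_rules eth0 eth1 192.168.10.5 192.168.10.50 203.0.113.0/24; }
if [ "${1:-}" = print ]; then ruleset; fi
```

Run with the argument print to see the ruleset; piping that output to iptables-restore --test as root parses it without committing anything.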

